php,CURLAUTH_NTLM和身份验证不适用于NTLM代理
[英]php, CURLAUTH_NTLM and authentication is not working for NTLM proxy
问题描述
I'm trying to use internet from php scripts on Windows 7, via company NTLM proxy server. 
我正在尝试通过公司NTLM代理服务器从Windows 7上的php脚本使用Internet。 The goal is to parse a external web page via php. 目标是通过php解析外部网页。
After long dig on the internet, I tried several solutions that didn't work, like those (and a lot of variations): 在Internet上漫长的挖掘之后,我尝试了几种无效的解决方案,例如那些(以及很多变体):
$PROXY_HOST = "10.10.20.30"; // Proxy server address
$PROXY_PORT = "8080"; // Proxy server port
$PROXY_USER = "myuser"; // Username
$PROXY_PASS = "mypass"; // Password
$auth = base64_encode("$PROXY_USER:$PROXY_PASS");
stream_context_set_default(
array(
'http' => array(
'proxy' => "tcp://$PROXY_HOST:$PROXY_PORT",
'request_fulluri' => true,
'header' => "Proxy-Authorization: Basic $auth"
)
)
);
Or this one 还是这个
$proxy = "10.10.20.30:8080";
$useragent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1";
$url = "https://www.google.com";
$credentials = "myuser:mypass";
$ch = curl_init();
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,15);
curl_setopt($ch, CURLOPT_HTTP_VERSION,'CURL_HTTP_VERSION_1_1' );
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, $proxy);
curl_setopt($ch, CURLOPT_PROXYUSERPWD,$credentials);
curl_setopt($ch, CURLOPT_USERAGENT,$useragent);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);
$result=curl_exec ($ch);
curl_close ($ch);
echo 'RES: '.$result;
Firefox (Chrome, IE) can handle NTLM just fine, but I have no idea how to implement this in php. Firefox(Chrome,IE)可以很好地处理NTLM,但我不知道如何在php中实现。
Basically I presume that I should emulate what browser does: - make a http request - get the random - make the MD4(5) with my credentials - etc 基本上,我假设我应该模拟浏览器的功能:-发出http请求-随机获得-使用我的凭据制作MD4(5)-等等
Why CURLAUTH_NTLM isn't working in my case? 为什么在我的情况下CURLAUTH_NTLM无法正常工作? Can I bypass php functions and use some windows native (but.. exists?) to grab a url and get the text via this method? 我可以绕过php函数并使用某些Windows本机(但存在吗?)来获取网址并通过此方法获取文本?
Thanks in advance, 提前致谢,
EDIT #1 编辑#1
Here are my CURL settings 这是我的CURL设置
EDIT #2 编辑#2
And here it is the FF network analysis 这是FF网络分析
EDIT #3 编辑#3
Hmm... I upgraded the PHP version to latest 7.2.3 (instead of 5.5.12) and almost begin to understand with the NIGHTMARE proxy server :) 嗯...我将PHP版本升级到最新的7.2.3(而不是5.5.12),并且几乎开始使用NIGHTMARE代理服务器了:)
* Trying 10.10.10.10...
* TCP_NODELAY set
* Connected to 10.10.10.10 (10.10.10.10) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
* Proxy auth using NTLM with user 'myuser'
> CONNECT google.com:443 HTTP/1.1
Host: google.com:443
Proxy-Authorization: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
==
Proxy-Connection: Keep-Alive
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
< Proxy-Connection: keep-alive
< Content-Length: 0
<
* Establish HTTP proxy tunnel to google.com:443
* Proxy auth using NTLM with user 'myuser'
> CONNECT google.com:443 HTTP/1.1
Host: google.com:443
Proxy-Authorization: NTLM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Proxy-Connection: Keep-Alive
< HTTP/1.0 200 Connection established
< Via: HTTP/1.1 proxy10505
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering http/1.1
* CONNECT phase completed!
* CONNECT phase completed!
* error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
* stopped the pause stream!
* Closing connection 0
ERR: error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
Array
(
[url] => https://google.com/
[content_type] =>
[http_code] => 0
[header_size] => 231
[request_size] => 562
[filetime] => -1
[ssl_verify_result] => 1
[redirect_count] => 0
[total_time] => 0.375
[namelookup_time] => 1.0E-6
[connect_time] => 0.094
[pretransfer_time] => 0
[size_upload] => 0
[size_download] => 0
[speed_download] => 0
[speed_upload] => 0
[download_content_length] => -1
[upload_content_length] => -1
[starttransfer_time] => 0
[redirect_time] => 0
[redirect_url] =>
[primary_ip] => 10.10.10.10
[certinfo] => Array
(
)
[primary_port] => 8080
[local_ip] => 10.10.10.10
[local_port] => 49902
)
The CURL version is CURL版本是
OUT: Array
(
[version_number] => 473344
[age] => 4
[features] => 2428829
[ssl_version_number] => 0
[version] => 7.57.0
[host] => i386-pc-win32
[ssl_version] => OpenSSL/1.1.0g
[libz_version] => 1.2.11
[protocols] => Array
(
[0] => dict
[1] => file
[2] => ftp
[3] => ftps
[4] => gopher
[5] => http
[6] => https
[7] => imap
[8] => imaps
[9] => ldap
[10] => pop3
[11] => pop3s
[12] => rtsp
[13] => scp
[14] => sftp
[15] => smb
[16] => smbs
[17] => smtp
[18] => smtps
[19] => telnet
[20] => tftp
)
)
Now what means this error ??? 现在什么意思这个错误?
error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied 错误:14094419:SSL例程:ssl3_read_bytes:tlsv1警报访问被拒绝
2 个解决方案
解决方案1
1 2018-03-07 09:06:53
Some people use CNTLM proxy for this kind of problems. 有些人将CNTLM代理用于此类问题。
Why CURLAUTH_NTLM isn't working in my case?
Maybe it's not supported. 也许不支持。 Run a phpinfo and check that the CURLAUTH_NTLM prerequisites are OK : 运行phpinfo并检查CURLAUTH_NTLM的前提条件是否正确:
You need to build libcurl with either OpenSSL, GnuTLS or NSS support for this option to work, or build libcurl on Windows with SSPI support.
解决方案2
1 已采纳 2018-03-08 17:13:20
Replace this: 替换为:
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_NTLM);
by this: 这样:
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
See https://curl.haxx.se/libcurl/c/CURLOPT_PROXYAUTH.html 参见https://curl.haxx.se/libcurl/c/CURLOPT_PROXYAUTH.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.